Hi
I am very new to this list and also has no knowledge about the security of
Linux domain. I know the security concepts in general, but no idea about
Linux' security status. I want to participate in list for which I have some
queries, which remains unclear and unanswered from Internet. If any body has
information regarding to the queries then pls provide it to me and help me
out.
1. I have no complete information regarding the current security status of
Linux. What I have found is mentioned below: -
· It seems that till date Linux doesn't't have security rating of C2
(Controlled Access Protection). It is still at C1 security level.
· Linux lacks in security procedures, called MAC or LSPP, to specify
which users are allowed to send or receive information from others.
· Currently Linux does not comply completely with DIICOE standards.
Linux also fails to meet the Common Criteria (CC) requirements.
· Functionally, Linux lacks the ability to audit the necessary events
(all security-relevant events) to meet the functional requirements of the
CAPP.
I know that there are projects going on in each of the above areas (like
SELInux, RABAC Linux and more...)
Still I want to know the comprehensive list for current security
shortcomings in Linux.
2. What are the expectation regarding the "Secured Linux" (including kernel
as well as tools and utilities, without which the secured Linux would not be
useful in practical scenario..)?? I mean to ask, is there any clear set of
expectation regarding the secured Linux ? In short, what should be "Ideal
Secure Linux"??
Any guidelines regarding to above matter would be help full for me.
Thanks in advance..
Looking for precious suggestions and comments
Deepak.
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
